PDB path: D:\CCViews\autobuild1_BR-0506-0226_5.1_Snapshot\SSE_Storage\RAIDDriver\Binaries-Free\iaStor.pdb
Static task
static1
General
-
Target
10d0ddcbb4f2f3cf54aca8dfd2d71411_JaffaCakes118
-
Size
851KB
-
MD5
10d0ddcbb4f2f3cf54aca8dfd2d71411
-
SHA1
4c6da3f667e6e0338513d5badf06d09d22176fee
-
SHA256
54b421c87340085d37993c98d374137f2d89d660cc9df102bc703f94c43eba7a
-
SHA512
d7256e330e0232e3afe625c136f892a4e62217f2f6f6c75f1f187c20b70a3e2165b97ca232d98e8afc4964b9a44c7c29a978a2f1d93b3c6d9bf3f8cfd8097043
-
SSDEEP
6144:RTxDv4eBEDFjJs5PZW2j7U0CtpMo8sAUYurCaDsZZEi:hxkoEDFjJEBjzCbv8s4urCaDsZZE
Malware Config
Signatures
-
Unsigned PE 1 IoCs
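Checks for a missing Authenticode signature. A static check of the file can only see a signature embedded in the PE itself; Windows drivers are often signed through a separate catalog (.cat) file instead, so a missing embedded signature alone does not establish whether the file is trusted or has been modified.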
resource 10d0ddcbb4f2f3cf54aca8dfd2d71411_JaffaCakes118
Files
-
10d0ddcbb4f2f3cf54aca8dfd2d71411_JaffaCakes118.sys windows:5 windows x86 arch:x86
c944c1aff0a12a01b038124c023a6abf
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
memmove
_vsnprintf
KeInsertQueueDpc
MmAllocateNonCachedMemory
KeInitializeSpinLock
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
IoInvalidateDeviceRelations
IoFreeWorkItem
IoRequestDeviceEject
IoQueueWorkItem
IoAllocateWorkItem
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
IofCompleteRequest
IofCallDriver
IoGetDmaAdapter
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwCreateKey
swprintf
KeWaitForSingleObject
KeInitializeEvent
IoDisconnectInterrupt
IoGetConfigurationInformation
IoDeleteDevice
ExDeleteNPagedLookasideList
KeCancelTimer
IoFreeIrp
KeLeaveCriticalRegion
KeEnterCriticalRegion
IoDetachDevice
IoDeleteSymbolicLink
IoConnectInterrupt
IoReleaseRemoveLockAndWaitEx
strstr
strncat
sprintf
IoBuildDeviceIoControlRequest
PoSetPowerState
PoRegisterDeviceForIdleDetection
RtlCompareMemory
KeClearEvent
IoInitializeRemoveLockEx
ObfReferenceObject
KeSetTimer
KeBugCheckEx
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
RtlCopyUnicodeString
ObfDereferenceObject
IoGetAttachedDeviceReference
IoAllocateIrp
IoInvalidateDeviceState
strncpy
strncmp
PoRequestPowerIrp
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
_local_unwind2
MmMapLockedPagesSpecifyCache
KeBugCheck
KeInitializeDpc
KeInitializeTimer
KeRemoveQueueDpc
KeQuerySystemTime
PsTerminateSystemThread
KeWaitForMultipleObjects
KeSetPriorityThread
ObReferenceObjectByHandle
PsCreateSystemThread
ExInitializeNPagedLookasideList
MmMapIoSpace
ExRegisterCallback
ExCreateCallback
IoReportResourceForDetection
ExUnregisterCallback
MmUnmapIoSpace
RtlCheckRegistryKey
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoCreateDevice
RtlUnicodeStringToInteger
wcsncpy
wcsstr
_wcsupr
IoGetDeviceProperty
ZwCreateDirectoryObject
READ_REGISTER_ULONG
PsGetVersion
_alldiv
PoStartNextPowerIrp
PoCallDriver
_purecall
ExSystemTimeToLocalTime
_except_handler3
RtlCreateRegistryKey
DbgPrint
ZwOpenKey
ZwClose
ZwQueryValueKey
RtlWriteRegistryValue
RtlInitUnicodeString
wcslen
ExAllocatePoolWithTag
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlQueryRegistryValues
ExFreePoolWithTag
MmGetPhysicalAddress
KeSetEvent
WRITE_REGISTER_ULONG
hal
ExReleaseFastMutex
KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql
READ_PORT_ULONG
WRITE_PORT_ULONG
WRITE_PORT_BUFFER_ULONG
READ_PORT_BUFFER_ULONG
WRITE_PORT_BUFFER_USHORT
WRITE_PORT_UCHAR
READ_PORT_UCHAR
KeStallExecutionProcessor
READ_PORT_BUFFER_USHORT
READ_PORT_USHORT
ExAcquireFastMutex
Sections
.text Size: 259KB - Virtual size: 259KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 573KB - Virtual size: 572KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ